Tag Archives: National Security

Square Legal Pegs in Round Cyber Holes: The NSA, Lawfulness, and the Protection of Privacy Rights and Civil Liberties in Cyberspace

One of the major themes of the Cyberspace Policy Review (the Review) is that a national strategy on cybersecurity must be consistent with the protection of privacy rights and civil liberties guaranteed by the Constitution and the law. Indeed, President Obama underscored that point in announcing the Review when he said that his Administration “will preserve and protect the personal privacy and civil liberties that we cherish as Americans,” reiterating the theme from his inaugural address that choosing between our safety and our ideals is a false choice. The authors of the Review are to be commended for encouraging a national dialogue on how this can be achieved while promoting national and economic security. Intelligence agencies, particularly the National Security Agency (NSA), are at the intersection of these vital interests, and intelligence lawyers face daunting but tremendously exciting and important opportunities to help ensure that their agencies operate in ways that effectively balance demands for both privacy and civil liberties and for the security of cyberspace.

The Past, Present, and Future of Cybersecurity

The cyber threat is the most pervasive and pernicious threat facing the United States today. Its mention does not immediately conjure visions of the catastrophic horrors that would result from an attack using a weapon of mass destruction, but today’s cyber threat is a very real and present danger. As of September 14, 2009, more than 10,450,000 U.S. residents had been victimized by identity theft in 2009 alone, and that number increases by one victim each second.2 Fifteen million victims will lose more than fifty billion dollars each year.3 Specific threats such as identity and consumer fraud allow us to quantify and understand part of the cyber threat in terms that allow the U.S. government,4 corporate America,5 consumer groups, and individuals6 to take preventive action. However, the growing number of victims would clearly suggest we have not effectively solved the problem, even if we are starting to comprehend its scope.

The cyber threat to U.S. national security, economic security, and public health and safety is far more amorphous and less susceptible of comprehension than its kinetic analogs. Popular media productions such as 247 and Live Free or Die Hard8 have depicted sophisticated cyber intrusions that intentionally caused aircraft collisions, a nuclear power plant meltdown, a compromise of White House security and communications…

History Repeats Itself: The 60-Day Cyberspace Policy Review in Context

On February 9, 2009, President Obama gave his National Security and Homeland Security Advisors 60 days to conduct a Cyberspace Policy Review.1 The stated purpose of this “60-Day Review” was to provide a comprehensive assessment of U.S. policies for cybersecurity.2 According to a White House press release, the review would “develop a strategic framework to ensure that U.S. Government cyber security initiatives are appropriately integrated, resourced and coordinated with Congress and the private sector.”3

The 60-Day Review was an ambitious project and, in the end, took more than 60 days to complete.4 When the final report was issued on May 29, 2009, it offered a careful assessment of the current situation and a broad vision of what the United States must accomplish to secure our digital future. This vision, however, was not fundamentally different from previous iterations of cybersecurity strategy that the U.S. government has issued over the past 12 years.

The 60-Day Review undoubtedly represents a critical step toward addressing the many challenges the United States faces in working to secure its public and private information systems. However, it is important to place this document in proper context and understand what it accomplishes and what business it leaves unfinished. Before much progress can be made in improving cybersecurity, there are some tough policy decisions that have to be made.

The 60-Day Review does not take on many of those decisions. Rather, it provides an accurate and troubling picture of what the country is up against. It offers a glimpse of the daunting but important tasks of trying to harmonize the cybersecurity programs within government, establishing an effective partnership with the private sector, and developing strong relationships with other nations to combat cyber crime. It recommends…